Women In The Tech Sector: Q&A

Friday the 8th of March is International Women’s Day. In December 2018 I won the Top 100 Women In Tech Award and the awards process got me thinking about all the amazing women I have met during my journey in the tech sector. We have all had different experiences and have different recipes for success. […]

What online radicalisation can teach you about security

There has been a lot of media coverage here in the UK about a young woman who previously left the UK as a teenager to go to Syria and join Islamic State. She has recently expressed her desire to return to the UK, causing widespread disagreement as to whether she and her new-born child should […]

Paris riots and corporate security

I was recently hired to speak at an event in Paris. I love the city however this particular visit was during an unfortunate time. Paris is suffering from some of the worst and most violent rioting in many years.  As a social engineer I am interested in human behaviour and one particular area of interest […]

The Hustlers of Naples

Social engineering is a fascinating and diverse attack vector because it exploits human nature and people are generally predictable in their responses. We focus on malicious social engineering, especially when it facilitates cyber attacks upon organisations. However social engineering and its precursor, the good old ‘con’, is alive and kicking out there on the street […]

Simone – A social media investigation

Speaking around the world about social engineering one question comes up almost every time. Why is social engineering so successful? A key success factor in a targeted attack is good research, knowing the target and how to manipulate them. I have been gathering and analysing intelligence on people, places and companies for many years now. […]

Interview with DIGIT

Here’s a link to an interview with DIGIT who organise the excellent Scot-Secure event in Edinburgh (among many other things). It focuses on social engineering in the context of social media reconnaissance, manipulation and how to minimise your attack surface when using social media. Check it out here

Reconnaissance for Social Engineering: Tales from the Road

When it comes to reconnaissance and open source intelligence, research often seems like a digital battle. Using endless pieces of software, sites and APIs, we use technology to fight for the data we want. It is easy to forget how much valuable information is out there in the real world, being given away unwittingly, if […]

Can I borrow your swipecard?

This case involves an accountancy firm based in South East England.  The firm had just lost a big client and as a result had to make some cuts which included letting a few members of staff go. Jamie had been one of these staff members.  He was disgruntled to say the least.  He’d expected better […]

Stay calm and (don’t) pay the hackers

This social engineering case study highlights how attackers can use curiosity, urgency and fear to manipulate victims into breaking company protocols and get a finance employee to willingly transfer £152,000 into the attackers bank account. Miranda worked in Finance for Troy Ltd.  One morning she received an email with the subject line “Urgent C.V resend: FAO […]